Disk Drive Security 3.11破解分析
【破文标题】Disk Drive Security 3.11破解分析【破文作者】萧萧黄叶
【作者邮箱】
【作者主页】
【破解工具】PEiD,C32asm,OD
【破解平台】winxp
【软件名称】Disk Drive Security 3.11
【软件大小】543KB
【原版下载】http://www.newhua.com/soft/4824.htm
【保护方式】
【软件简介】 功能强大的磁盘安全工具,在主界面继承了所有的驱动器设置功能,并将所有可能存在的盘符列表显示。通过安全密码保护机制,能够隐藏或者锁本地磁盘、网络、软驱和USB驱动器,还可以在指定的驱动器类型中关闭自动播放功能
【破解声明】我是一只小小鸟!高手请飘过!
------------------------------------------------------------------------
【破解过程】运行程序提示要注册,随便注册了,出现错误提示:"Registration code is invalid!"
PEiD探壳:Borland Delphi 6.0 - 7.0
C32asm:
0046AC67MOV EDX,46ADA8 \->: Registration code is invalid!
0046AC43MOV EDX,46AD70 \->: Registration has been completed successfully!
根据反汇编结果在OD中下断点,载入程序运行,开始在这里:
0046DE7C > $55 PUSH EBP
0046DE7D .8BEC MOV EBP,ESP
0046DE7F .83C4 F0 ADD ESP,-10
F9运行,注册,我用的是123456,“OK”后断在此处:
0046AB17|.51 PUSH ECX
0046AB18|.8945 FC MOV DWORD PTR SS:,EAX
0046AB1B|.33C0 XOR EAX,EAX
0046AB1D|.55 PUSH EBP
0046AB1E|.68 A8AC4600 PUSH disklock.0046ACA8
0046AB23|.64:FF30 PUSH DWORD PTR FS:
0046AB26|.64:8920 MOV DWORD PTR FS:,ESP
0046AB29|.8D55 EC LEA EDX,DWORD PTR SS:
0046AB2C|.8B45 FC MOV EAX,DWORD PTR SS:
0046AB2F|.8B80 AC030000 MOV EAX,DWORD PTR DS:
0046AB35|.E8 2260FDFF CALL disklock.00440B5C
0046AB3A|.8B45 EC MOV EAX,DWORD PTR SS: ;假码出现在堆栈和提示框中。
0046AB3D|.8D55 F0 LEA EDX,DWORD PTR SS:
0046AB40|.E8 EBB6FFFF CALL disklock.00466230
0046AB45|.8B55 F0 MOV EDX,DWORD PTR SS:
0046AB48|.B8 884D4700 MOV EAX,disklock.00474D88
0046AB4D|.E8 EA9EF9FF CALL disklock.00404A3C
0046AB52|.E8 11FDFFFF CALL disklock.0046A868 ;算法对比中心,当然要跟进!
0046AB57|.8845 FB MOV BYTE PTR SS:,AL
0046AB5A|.807D FB 00 CMP BYTE PTR SS:,0
0046AB5E|.0F84 F2000000 JE disklock.0046AC56 ;这里是关键跳,一跳就死!
0046AB64|.8B45 FC MOV EAX,DWORD PTR SS:
0046AB67|.C680 CC030000>MOV BYTE PTR DS:,1
0046AB6E|.8D45 F4 LEA EAX,DWORD PTR SS:
0046AB71|.50 PUSH EAX
0046AB72|.8D55 E8 LEA EDX,DWORD PTR SS:
0046AB75|.B8 C0AC4600 MOV EAX,disklock.0046ACC0 ;ASCII "B9BB8C819888AB829FBA848389829ABE849788"
0046AB7A|.E8 91BBFFFF CALL disklock.00466710
0046AB7F|.8B45 E8 MOV EAX,DWORD PTR SS:
0046AB82|.50 PUSH EAX
0046AB83|.8D55 E4 LEA EDX,DWORD PTR SS:
0046AB86|.B8 F0AC4600 MOV EAX,disklock.0046ACF0 ;ASCII "BE828B999A8C9F88B1C8BDBFA2AAA3ACA0A8C8"
0046AB8B|.E8 D8FDFFFF CALL disklock.0046A968
0046AB90|.8B55 E4 MOV EDX,DWORD PTR SS:
0046AB93|.A1 844D4700 MOV EAX,DWORD PTR DS:
0046AB98|.59 POP ECX
0046AB99|.E8 2EBDFFFF CALL disklock.004668CC
0046AB9E|.8D55 E0 LEA EDX,DWORD PTR SS:
0046ABA1|.A1 884D4700 MOV EAX,DWORD PTR DS:
0046ABA6|.E8 ADBAFFFF CALL disklock.00466658
0046ABAB|.8B45 E0 MOV EAX,DWORD PTR SS:
0046ABAE|.50 PUSH EAX
0046ABAF|.8D55 DC LEA EDX,DWORD PTR SS:
0046ABB2|.B8 20AD4600 MOV EAX,disklock.0046AD20 ;ASCII "BDBB8C819888AB829FBA848389829ABE849788"
0046ABB7|.E8 54BBFFFF CALL disklock.00466710
0046ABBC|.8B45 DC MOV EAX,DWORD PTR SS:
0046ABBF|.50 PUSH EAX
0046ABC0|.8D55 D8 LEA EDX,DWORD PTR SS:
0046ABC3|.B8 F0AC4600 MOV EAX,disklock.0046ACF0 ;ASCII "BE828B999A8C9F88B1C8BDBFA2AAA3ACA0A8C8"
0046ABC8|.E8 9BFDFFFF CALL disklock.0046A968
0046ABCD|.8B55 D8 MOV EDX,DWORD PTR SS:
0046ABD0|.A1 844D4700 MOV EAX,DWORD PTR DS:
0046ABD5|.59 POP ECX
0046ABD6|.E8 95BDFFFF CALL disklock.00466970
0046ABDB|.837D F4 00 CMP DWORD PTR SS:,0
0046ABDF|.75 44 JNZ SHORT disklock.0046AC25
0046ABE1|.E8 CEF9F9FF CALL disklock.0040A5B4
0046ABE6|.83C4 F4 ADD ESP,-0C
0046ABE9|.DB3C24 FSTP TBYTE PTR SS: ; |
0046ABEC|.9B WAIT ; |
0046ABED|.8D45 D4 LEA EAX,DWORD PTR SS: ; |
0046ABF0|.E8 77F4F9FF CALL disklock.0040A06C ; \disklock.0040A06C
0046ABF5|.8B45 D4 MOV EAX,DWORD PTR SS:
0046ABF8|.50 PUSH EAX
0046ABF9|.8D55 D0 LEA EDX,DWORD PTR SS:
0046ABFC|.B8 C0AC4600 MOV EAX,disklock.0046ACC0 ;ASCII "B9BB8C819888AB829FBA848389829ABE849788"
0046AC01|.E8 0ABBFFFF CALL disklock.00466710
0046AC06|.8B45 D0 MOV EAX,DWORD PTR SS:
0046AC09|.50 PUSH EAX
0046AC0A|.8D55 CC LEA EDX,DWORD PTR SS:
0046AC0D|.B8 F0AC4600 MOV EAX,disklock.0046ACF0 ;ASCII "BE828B999A8C9F88B1C8BDBFA2AAA3ACA0A8C8"
0046AC12|.E8 51FDFFFF CALL disklock.0046A968
0046AC17|.8B55 CC MOV EDX,DWORD PTR SS:
0046AC1A|.A1 844D4700 MOV EAX,DWORD PTR DS:
0046AC1F|.59 POP ECX
0046AC20|.E8 4BBDFFFF CALL disklock.00466970
0046AC25|>A1 A0F94600 MOV EAX,DWORD PTR DS:
0046AC2A|.8B00 MOV EAX,DWORD PTR DS:
0046AC2C|.8B80 B0030000 MOV EAX,DWORD PTR DS:
0046AC32|.BA 50AD4600 MOV EDX,disklock.0046AD50 ;ASCII "Software (Ctrl+R)"
0046AC37|.E8 2C7AFEFF CALL disklock.00452668
0046AC3C|.6A 40 PUSH 40
0046AC3E|.B9 64AD4600 MOV ECX,disklock.0046AD64 ;ASCII "Information"
0046AC43|.BA 70AD4600 MOV EDX,disklock.0046AD70 ;ASCII "Registration has been completed successfully!"
0046AC48|.A1 A0FB4600 MOV EAX,DWORD PTR DS:
0046AC4D|.8B00 MOV EAX,DWORD PTR DS:
0046AC4F|.E8 0059FFFF CALL disklock.00460554
0046AC54|.EB 22 JMP SHORT disklock.0046AC78
0046AC56|>B8 884D4700 MOV EAX,disklock.00474D88
0046AC5B|.E8 889DF9FF CALL disklock.004049E8
0046AC60|.6A 10 PUSH 10
0046AC62|.B9 A0AD4600 MOV ECX,disklock.0046ADA0 ;ASCII "Error"
0046AC67|.BA A8AD4600 MOV EDX,disklock.0046ADA8 ;ASCII "Registration code is invalid!"
0046AC6C|.A1 A0FB4600 MOV EAX,DWORD PTR DS:
0046AC71|.8B00 MOV EAX,DWORD PTR DS:
0046AC73|.E8 DC58FFFF CALL disklock.00460554
0046AC78|>33C0 XOR EAX,EAX
CALL 0046A868跟进:
0046A868/$55 PUSH EBP
0046A869|.8BEC MOV EBP,ESP
0046A86B|.83C4 F0 ADD ESP,-10
0046A86E|.33C0 XOR EAX,EAX
0046A870|.8945 F8 MOV DWORD PTR SS:,EAX
0046A873|.C645 FF 00 MOV BYTE PTR SS:,0
0046A877|.A1 884D4700 MOV EAX,DWORD PTR DS:
0046A87C|.8945 F4 MOV DWORD PTR SS:,EAX
0046A87F|.8B45 F4 MOV EAX,DWORD PTR SS:
0046A882|.8945 F0 MOV DWORD PTR SS:,EAX
0046A885|.837D F0 00 CMP DWORD PTR SS:,0
0046A889|.74 0B JE SHORT disklock.0046A896
0046A88B|.8B45 F0 MOV EAX,DWORD PTR SS:
0046A88E|.83E8 04 SUB EAX,4
0046A891|.8B00 MOV EAX,DWORD PTR DS: ;取注册码的位数。
0046A893|.8945 F0 MOV DWORD PTR SS:,EAX
0046A896|>837D F0 0E CMP DWORD PTR SS:,0E ;看看注册码是不是14位,不是就跳走,不进行比较了。所以到这里只好重新来一次了,这一次用12345678901234来注册。
0046A89A|.0F85 85000000 JNZ disklock.0046A925
继续了:
0046A8A0|.A1 884D4700 MOV EAX,DWORD PTR DS:
0046A8A5|.8038 34 CMP BYTE PTR DS:,34 ;取注册码的第一位与34相比较。
0046A8A8|.0F94C0 SETE AL ;相等为真,AL=1,不相等为假,AL=0
0046A8AB|.83E0 7F AND EAX,7F
0046A8AE|.0145 F8 ADD DWORD PTR SS:,EAX ;将EAX的值加起来保存。
0046A8B1|.A1 884D4700 MOV EAX,DWORD PTR DS:
0046A8B6|.8078 02 36 CMP BYTE PTR DS:,36 ;取注册码的第三位与36相比较。
0046A8BA|.0F94C0 SETE AL
0046A8BD|.83E0 7F AND EAX,7F
0046A8C0|.0145 F8 ADD DWORD PTR SS:,EAX
0046A8C3|.A1 884D4700 MOV EAX,DWORD PTR DS:
0046A8C8|.8078 03 31 CMP BYTE PTR DS:,31 ;取注册码的第四位与31相比较。
0046A8CC|.0F94C0 SETE AL
0046A8CF|.83E0 7F AND EAX,7F
0046A8D2|.0145 F8 ADD DWORD PTR SS:,EAX
0046A8D5|.A1 884D4700 MOV EAX,DWORD PTR DS:
0046A8DA|.8078 04 32 CMP BYTE PTR DS:,32 ;取注册码的第五位与32相比较。
0046A8DE|.0F94C0 SETE AL
0046A8E1|.83E0 7F AND EAX,7F
0046A8E4|.0145 F8 ADD DWORD PTR SS:,EAX
0046A8E7|.A1 884D4700 MOV EAX,DWORD PTR DS:
0046A8EC|.8078 07 36 CMP BYTE PTR DS:,36 ;取注册码的第八位与36相比较。
0046A8F0|.0F94C0 SETE AL
0046A8F3|.83E0 7F AND EAX,7F
0046A8F6|.0145 F8 ADD DWORD PTR SS:,EAX
0046A8F9|.A1 884D4700 MOV EAX,DWORD PTR DS:
0046A8FE|.8078 08 36 CMP BYTE PTR DS:,36 ;取注册码的第九位与36相比较。
0046A902|.0F94C0 SETE AL
0046A905|.83E0 7F AND EAX,7F
0046A908|.0145 F8 ADD DWORD PTR SS:,EAX
0046A90B|.A1 884D4700 MOV EAX,DWORD PTR DS:
0046A910|.8078 0A 37 CMP BYTE PTR DS:,37 ;取注册码的第十一位与37相比较。
0046A914|.0F94C0 SETE AL
0046A917|.83E0 7F AND EAX,7F
0046A91A|.0145 F8 ADD DWORD PTR SS:,EAX
0046A91D|.837D F8 07 CMP DWORD PTR SS:,7 ;最后将EAX的总计与7比较,不相等就没有注册成功。
0046A921|.0F9445 FF SETE BYTE PTR SS:
0046A925|>8A45 FF MOV AL,BYTE PTR SS:
0046A928|.8BE5 MOV ESP,EBP
0046A92A|.5D POP EBP
0046A92B\.C3 RETN
------------------------------------------------------------------------
【破解总结】注册方法很简单:
取注册码的第1、3、4、5、8、9、11位的ASC码分别与34、36、31、32、36、36、37相比较,全部相等就注册成功,其他位的数字没有特殊要求。
------------------------------------------------------------------------
【版权声明】仅限用于学习和交流目的,不得将注册内容用于商业或者非法用途,如果您喜欢该程序,得到更好的正版服务,请购买注册。 厉害啊。我一来就看到这个。但是看不懂。另外,这个磁盘安全工具我一直没明白究竟做什么的,何谓磁盘安全工具。 从简单的学起正好
页:
[1]